Uploaded image for project: 'PUBLIC - Liferay Portal Enterprise Edition'
  1. PUBLIC - Liferay Portal Enterprise Edition
  2. LPE-4976

Unvalidated redirects when submitting forms

    Details

      Description

      Unvalidated redirects may allow an attacker to redirect users to phishing or malware sites. This redirect can happen after the user submits a form on the site. Sites are vulnerable regardless of how how the portal properties redirect.url.security.mode, redirect.url.domains.allowed, and redirect.url.ips.allowed is configured.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                samuel.kong Samuel Kong
                Reporter:
                samuel.kong Samuel Kong
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  5.2 EE SP6 (5.2.10)
                  6.0 EE SP2 (6.0.12)